1
내 앱에 restful_authentication이 있습니다. 그것으로 세션 컨트롤러가 생겼습니다. 한 가지는 제외하고 모든 것이 나를 위해 일하고있다. 창이 닫히고 같은 컴퓨터에서 다시 열리면 로그인 상태의 사용자를 포함하여 앱 상태가 저장됩니다. 브라우저 창을 닫을 때 내 앱에서 사용자를 로그 아웃해야합니다. 그러나 나는 그것이 일어나는 방법을 모른다. 저장을 유발하는 것이 있습니까? 아니면 그것을 죽일 무언가를 추가해야합니까? 여기 창을 닫을 때 로그 아웃
는 세션 컨트롤러 : 여기# This controller handles the login/logout function of the site.
class SessionsController < ApplicationController
# render new.rhtml
def new
end
def create
logout_keeping_session!
user = User.authenticate(params[:login], params[:password])
if user
unless user.active?
# ensures "deleted" users can't login
user = nil
end
end
if user
# Protects against session fixation attacks, causes request forgery
# protection if user resubmits an earlier form using back
# button. Uncomment if you understand the tradeoffs.
# reset_session
self.current_user = user
new_cookie_flag = (params[:remember_me] == "1")
handle_remember_cookie! new_cookie_flag
redirect_back_or_default('/')
else
note_failed_signin
@login = params[:login]
@remember_me = params[:remember_me]
render :action => 'new'
end
end
def destroy
logout_killing_session!
redirect_back_or_default('/', :notice => "You have been logged out.")
end
protected
# Track failed login attempts
def note_failed_signin
flash.now[:alert] = "Couldn't log you in as '#{params[:login]}'"
logger.warn "Failed login for '#{params[:login]}' from #{request.remote_ip} at #{Time.now.utc}"
end
end
module AuthenticatedSystem
protected
# Returns true or false if the user is logged in.
# Preloads @current_user with the user model if they're logged in.
def logged_in?
!!current_user
end
# Accesses the current user from the session.
# Future calls avoid the database because nil is not equal to false.
def current_user
@current_user ||= (login_from_session || login_from_basic_auth || login_from_cookie) unless @current_user == false
end
# Store the given user id in the session.
def current_user=(new_user)
session[:user_id] = new_user ? new_user.id : nil
@current_user = new_user || false
end
def authorized?(action = action_name, resource = nil)
logged_in?
end
def login_required
authorized? || access_denied
end
def access_denied
respond_to do |format|
format.html do
store_location
redirect_to new_session_path
end
# format.any doesn't work in rails version < http://dev.rubyonrails.org/changeset/8987
# Add any other API formats here. (Some browsers, notably IE6, send Accept: */* and trigger
# the 'format.any' block incorrectly. See http://bit.ly/ie6_borken or http://bit.ly/ie6_borken2
# for a workaround.)
format.any(:json, :xml) do
request_http_basic_authentication 'Web Password'
end
end
end
# Store the URI of the current request in the session.
#
# We can return to this location by calling #redirect_back_or_default.
def store_location
session[:return_to] = request.fullpath
end
# Redirect to the URI stored by the most recent store_location call or
# to the passed default. Set an appropriately modified
# after_filter :store_location, :only => [:index, :new, :show, :edit]
# for any controller you want to be bounce-backable.
def redirect_back_or_default(default, options = {})
redirect_to((session[:return_to] || default), options)
session[:return_to] = nil
end
# Inclusion hook to make #current_user and #logged_in?
# available as ActionView helper methods.
def self.included(base)
base.send :helper_method, :current_user, :logged_in?, :authorized? if base.respond_to? :helper_method
end
#
# Login
#
# Called from #current_user. First attempt to login by the user id stored in the session.
def login_from_session
self.current_user = User.find_by_id(session[:user_id]) if session[:user_id]
end
# Called from #current_user. Now, attempt to login by basic authentication information.
def login_from_basic_auth
authenticate_with_http_basic do |login, password|
self.current_user = User.authenticate(login, password)
end
end
#
# Logout
#
# Called from #current_user. Finaly, attempt to login by an expiring token in the cookie.
# for the paranoid: we _should_ be storing user_token = hash(cookie_token, request IP)
def login_from_cookie
user = cookies[:auth_token] && User.find_by_remember_token(cookies[:auth_token])
if user && user.remember_token?
self.current_user = user
handle_remember_cookie! false # freshen cookie token (keeping date)
self.current_user
end
end
# This is ususally what you want; resetting the session willy-nilly wreaks
# havoc with forgery protection, and is only strictly necessary on login.
# However, **all session state variables should be unset here**.
def logout_keeping_session!
# Kill server-side auth cookie
@current_user.forget_me if @current_user.is_a? User
# @current_user = false # not logged in, and don't do it for me
kill_remember_cookie! # Kill client-side auth cookie
session[:user_id] = nil # keeps the session but kill our variable
# explicitly kill any other session variables you set
end
# The session should only be reset at the tail end of a form POST --
# otherwise the request forgery protection fails. It's only really necessary
# when you cross quarantine (logged-out to logged-in).
def logout_killing_session!
logout_keeping_session!
reset_session
end
'def login_from_cookie user = cookies [: auth_token] && User.find_by_remember_token (cookies [: auth_token]) 사용자가 && user.remember_token이면? self.current_user = user handle_remember_cookie! false # 쿠키 토큰을 새로 고침 (보관 날짜) self.current_user end end '
'remember_me '옵션을 선택한 경우에만 재생해야합니다. 비활성화되었습니다. –
사실이라면 인증 시스템을 심각하게 파고들 필요가 있습니다. 새 브라우저를 열 때 로그인 할 수있는 유일한 방법은 쿠키입니다. –
밝혀졌지만, IE8에서 제대로 작동하고 있습니다. 불행히도 내 대상 브라우저입니다. 그래서 지금은 정말 긴급한 문제입니다. (IE에서 제대로 작동하는 것을 상상해보십시오!) –